undefined | Better HN

0 pointsthrowaway20371y ago0 comments

To be clear, this is bog standard in all mega-corps now. They have a vendor product that provides HTTP Internet proxy, then they perform MitM to decrypt HTTPS traffic and re-sign/encrypt with in-house issued cert. Then, this cert is auto-trusted as part of all base OS installations. To be honest, how else can mega-corps spy on HTTPS traffic without this MitM tactic? I don't know any other way.

0 comments

echoangle1y ago

Yes, but normally this is done by making your own CA and installing it into your client devices, not by getting it into every device globally by working with Microsoft.

hulitu1y ago

> Yes, but normally this is done by making your own CA and installing it into your client devices, not by getting it into every device globally by working with Microsoft.

Google, Facebook, Microsoft, Apple, Cloudfare, Godaddy, Lets encrypt. They all "work with Microsoft".

echoangle1y ago

Does any employer get a certificate from any of the CAs you listed to MITM their internal networks?

1 more reply

j / k navigate · click thread line to collapse

0 pointsthrowaway20371y ago0 comments

0 comments

echoangle1y ago

Yes, but normally this is done by making your own CA and installing it into your client devices, not by getting it into every device globally by working with Microsoft.

hulitu1y ago

> Yes, but normally this is done by making your own CA and installing it into your client devices, not by getting it into every device globally by working with Microsoft.

Google, Facebook, Microsoft, Apple, Cloudfare, Godaddy, Lets encrypt. They all "work with Microsoft".

echoangle1y ago

Does any employer get a certificate from any of the CAs you listed to MITM their internal networks?

1 more reply

j / k navigate · click thread line to collapse